Building Privacy into the Infrastructure: Towards a New Identity Management Architecture
52 Pages Posted: 25 May 2016 Last revised: 30 May 2016
Date Written: May 23, 2016
Abstract
We are at risk of becoming digitally transparent to both government and the private sector. As it is increasingly obvious that US law is not going to prevent the destruction of personal privacy, we urgently need better privacy tools, baked into the way we do transactions. A partial, but significant, privacy enhancement would be a new Identity Management Architecture (IMA) enabling multiple privacy-protective, transaction-empowered digital personae per user. Each persona (or ‘nym if you prefer) would have the ability to communicate, and at least a limited ability to transact, in a manner that would not be linkable, or at least would be very difficult to link, to the real identity of the user. By using a variety of personae for online transactions, reading, and communication, users would defeat — or at least vastly reduce the effectiveness of — commercial and perhaps also governmental profiling.
The problem is that an IMA that enables privacy-enhanced personae is most unlikely to reach wide acceptance unless it is designed in a manner that makes it easy to use. It will not receive US governmental acceptance unless it also reduces the extent to which the personae can be used to break laws and evade contractual obligations. This paper thus discusses the legal and political considerations that might inform a requirements document for such an IMA, with special reference to US law and likely US government reaction. It includes a survey of laws that parties engaging in or enabling anonymous or pseudonymous transactions should consider, and concludes with a discussion of several critical design decisions, including transnational credentials, the possibility of identity escrow for transactional personae, and speculation as to how personae might fare in the marketplace.
The timeliness of this proposal is demonstrated by David Chaum’s recent announcement of a new privacy protocol, PrivaTegrity, that contains most of the features needed to engineer a privacy-enhanced IMA that might be acceptable to law enforcement. The need for some action, whether based on PrivaTegrity or otherwise, is very great — so critical that it may be time to accept the previously unthinkable, and accept some form of identity escrow as part of the IMA.
Keywords: Privacy, Identity, Identity Escrow, Certificate Authorities, First Amendment